Apple could have already fixed iOS 7 Untethered Jailbreak exploit

Jailbreaking has become increasingly hard. Gone are the days of seeing a Jailbreak released moments after a public iOS release, or sometimes even during the Beta phase. The iOS 7 Untethered Jailbreak is a case in point: it is proving difficult.

There has been very little news about an iOS 7 Untethered Jailbreak, and what there is consists mostly of rumours of exploits being leaked from the Evad3rs team – the group said to be actively working on the iOS 7 Untethered Jailbreak, and the only ones who actually have the resources and knowledge to do so.

The latest news focuses on rumours that Apple may have fixed the exploit used in the iOS 7 Untethered Jailbreak after the beta release of iOS 7.1. iH8Sn0w, the developer behind Sn0wbreeze and other tools, took to Twitter to announce that iOS 7.1 has fixed the ‘mobilebackup2’ exploit, which is used to write to the /var/ directory via the MediaDomain symlink.

Popular Jailbreak tweak developer phoenixdev, known for tweaks such as Music Controls Pro and Shrink, took to Reddit to explain what this actually means:

Mobilebackup2 is the system used to generate your user backups, as well as place them back on the phone. But it’s designed for only particular folders in the user directory.

It has been used in years past via path walking (prepending ..’s to walk up the directory tree) to let us put files in other places in the /var partition. I’m guessing that they found they could do something similar by creating symlinks to other places on the /var partition.

Actually, I’m not guessing. I know you could do that because a failbreak I once made used that.

P.S. root partition = where the OS is installed; mounted at the base of the filesystem ( / ). /var partition = where the user data is; mounted at /var. When you update your phone, the root partition is overwritten while the var partition stays around. When you restore your phone, both partitions are wiped.
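
The two escapes described in the comment above (".." path walking and a symlink inside the backup domain) call for different checks in a restore routine. The Python below is an added example, not part of the Reddit comment and not Apple's or mobilebackup2's code; the function names and the MediaDomain and outside directories are constructed stand-ins.

```python
import os
import tempfile

def naive_restore_path(root, rel):
    """String-only check: rejects '..' components but never looks at the disk."""
    parts = rel.split("/")
    if rel.startswith("/") or ".." in parts:
        raise ValueError("path escapes backup domain")
    return os.path.join(root, rel)

def safe_restore_path(root, rel):
    """Resolve symlinks first, then require the result to stay under root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError("path escapes backup domain")
    return target

def demo():
    """Build a constructed sandbox and report which check accepts which path."""
    base = tempfile.mkdtemp()
    domain = os.path.join(base, "MediaDomain")  # constructed stand-in for a backup domain
    outside = os.path.join(base, "outside")     # constructed stand-in for the rest of /var
    os.makedirs(domain)
    os.makedirs(outside)
    os.symlink(outside, os.path.join(domain, "link"))  # symlink sitting inside the domain
    samples = [("plain", "Media/a.txt"), ("dotdot", "../outside/x"), ("symlink", "link/x")]
    results = {}
    for name, rel in samples:
        row = {}
        for check in (naive_restore_path, safe_restore_path):
            try:
                check(domain, rel)
                row[check.__name__] = "accepted"
            except ValueError:
                row[check.__name__] = "rejected"
        results[name] = row
    return results

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

The string-only check stops ".." but accepts the path that passes through the symlink, which is why resolving the path before comparing it to the domain root matters. A resolve-then-write check is still racy if the link can be swapped in between, so a restore service should also refuse to follow links at open time (for example with O_NOFOLLOW).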

Even Stefan Esser (i0n1c) has taken to Twitter to confirm that certain exploits the iOS 7 Untethered Jailbreak was dependent on have been killed in iOS 7.1.

So Apple has killed some vulnerabilities jailbreakers were using for iOS 7 in iOS 7.1 😛